Jeff King wrote:

> All of that said, I think the current code is quite dangerous already,
> and maybe even broken. upload-pack may run sub-commands like rev-list
> or pack-objects, which are themselves builtins.

Sounds like more commands to set the IGNORE_PAGER_CONFIG flag for in git.c.

Thanks for looking this over thoughtfully.

[...]

> I couldn't quite get it to work, but I think it's because I'm doing
> something wrong with the submodules. But I also think this attack would
> _have_ to be done over ssh, because on a local system the submodule
> clone would be a hard-link rather than a real fetch.

What happens if the submodule URL starts with file://?

Thanks,
Jonathan